Hack Attack Halts Flow, Rollback Plan Sparks Internal Ecosystem War
Author | Asher (@Asher_0210)
Last Saturday afternoon, a sudden attack plunged the Flow network into chaos. Flow is a Layer 1 network built by the Dapper Labs team for next-generation applications, games, and digital assets. A vulnerability in its execution layer was exploited, and approximately $3.9 million in assets was transferred off-chain. Following the attack, the FLOW token was temporarily halved in value, plummeting from $0.173 to $0.079, and has since rebounded slightly to around $0.107.
FLOW K-line chart
Below, Odaily Planet Daily summarizes this Flow theft incident, the official response, and why it has sparked strong doubts from Flow partners and the community.
Flow Official Emergency Response: Isolate the network and announce a rollback plan
After the attack, the Flow Foundation responded quickly and confirmed the details of the incident. The attacker exploited a vulnerability at the execution layer to transfer about $3.9 million in assets. The incident did not affect existing user balances, and user deposits remain safe. The relevant attacker addresses have been flagged, and the money laundering paths are being tracked. The foundation has submitted asset freeze requests to Circle, Tether, and several major exchanges.
To clean up illegal on-chain transactions and fix the vulnerability, the Flow Foundation isolated the network and released Mainnet 28, the mainnet version that fixes the vulnerability. The initial plan was to roll back the network state to the checkpoint before the attack, at Cadence block height 137363395, thereby deleting all transactions from a window of approximately six hours. All transactions, legitimate or not, would be removed, and users would need to resubmit transactions after the nodes restarted. The foundation said this was the safest way to restore network integrity, repeatedly emphasized that user funds would not be affected during the process, and promised updates on the incident every two hours.
This rollback decision, seemingly decisive, quickly set off a chain reaction: because the attacker's funds had already been bridged off the chain, a rollback would have no impact on the attacker and would affect only honest users and partners.
Cross-chain bridge partners and community users strongly oppose the rollback plan
After the rollback plan was announced, cross-chain bridge partners and community users within the Flow ecosystem quickly and collectively questioned it. Alex Smirnov, co-creator of deBridge, a major cross-chain bridge partner of Flow, publicly criticized the decision on X as too hasty and as made without prior communication with key bridge partners. Although it is an important asset channel in the Flow ecosystem, deBridge did not receive prior notice of the rollback.
Smirnov pointed out that the potential damage caused by the rollback could far exceed that of the initial attack itself. Since cross-chain assets have already circulated across multiple systems, forcing a rollback could trigger issues such as asset duplication and inconsistent custody states, ultimately harming bridges, users, and counterparties that operated within the rollback window. He disclosed that on deBridge, about $200,000 and $50,000 are within the rollback window; executing a rollback could cause funds on one side to vanish or, in extreme cases, lead to asset re-minting.
Based on these risks, Smirnov called on Flow validators to pause block production and validation until a compensation plan, a partner coordination mechanism, and a plan for bringing in an independent security team are clarified. Such issues are not isolated. LayerZero, the main cross-chain custodian of USDC on the Flow network, also faces the risk of cross-chain transactions worth approximately $220,000 and $180,000 falling within the rollback window.
Beyond Flow's cross-chain partners, users on X have begun to express concerns about fund safety, developers are questioning the network's reliability and governance in extreme situations, and investor sentiment has shifted to caution, with selling pressure increasing. Many voices point out that the rollback itself exposes the reality of centralized control over the chain, turning what was a technical incident into a trust crisis.
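The exposure Smirnov describes can be computed from a bridge's own transfer ledger before any rollback is executed. The following is an added example, not code from the article, Flow, deBridge or LayerZero; it assumes a rollback erases every block above the checkpoint height and uses a simplified two-leg transfer model with a constructed sample ledger.

```python
from dataclasses import dataclass

ROLLBACK_HEIGHT = 137363395  # checkpoint height quoted in the article


@dataclass(frozen=True)
class BridgeTransfer:
    tx_id: str          # hypothetical bridge-side identifier
    flow_height: int    # Flow block containing this transfer's Flow-side leg
    direction: str      # "out": Flow -> other chain, "in": other chain -> Flow
    amount_usd: int
    remote_final: bool  # leg on the other chain is final and cannot be undone


def classify(t: BridgeTransfer, rollback_height: int) -> str:
    """Say what a rollback to rollback_height does to one bridge transfer."""
    if t.flow_height <= rollback_height:
        return "unaffected"        # Flow leg is at or before the checkpoint
    if not t.remote_final:
        return "cancel_pending"    # other leg can still be stopped in time
    if t.direction == "out":
        # Lock/burn on Flow is erased, release on the other chain stands:
        # the same value now exists on both chains.
        return "duplicated"
    # Deposit on the other chain stands, mint on Flow is erased: the user
    # holds nothing until the bridge re-mints, and must re-mint exactly once.
    return "vanished"


def exposure(transfers, rollback_height=ROLLBACK_HEIGHT):
    """Total USD per outcome across all transfers."""
    totals = {"unaffected": 0, "cancel_pending": 0, "duplicated": 0, "vanished": 0}
    for t in transfers:
        totals[classify(t, rollback_height)] += t.amount_usd
    return totals


# Constructed sample ledger; ids, heights and amounts are illustrative only.
SAMPLE = [
    BridgeTransfer("a1", ROLLBACK_HEIGHT - 10, "out", 1_000, True),
    BridgeTransfer("a2", ROLLBACK_HEIGHT, "in", 2_000, True),
    BridgeTransfer("b1", ROLLBACK_HEIGHT + 5, "out", 30_000, True),
    BridgeTransfer("b2", ROLLBACK_HEIGHT + 9, "out", 4_000, False),
    BridgeTransfer("c1", ROLLBACK_HEIGHT + 20, "in", 50_000, True),
]

if __name__ == "__main__":
    for outcome, usd in exposure(SAMPLE).items():
        print(f"{outcome:>15}: ${usd:,}")
```

The "duplicated" and "vanished" totals are the amounts a bridge would have to cover or re-mint, which is why partners asked to be consulted before the checkpoint was chosen.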
Some community criticism goes further and targets the core principles of blockchain. Some believe that a rollback directly undermines finality and immutability, making Flow more like a consortium chain subject to administrative intervention at critical moments. Others compare this to historical security incidents on other public chains, noting that similar situations are usually handled by isolating attacker addresses and freezing fund flows, rather than by rolling back the entire network state.
Crypto KOL Wazz (@WazzCrypto) stated directly on X that Flow's rollback decision is one of the worst ways of handling an incident he has seen. In his view, the attacker had already moved about $4 million off-chain, and the rollback would have little to no substantive impact on them. The real victims are innocent users who were using the network normally via cross-chain bridges.
Flow Changes Course: Abandon rollback, adopt an isolation recovery plan
Faced with strong opposition from partners and the community, Flow officials ultimately decided to abandon the network rollback and switch to an “isolation recovery plan.” This plan was formulated through direct negotiations with cross-chain bridges, exchanges, and infrastructure partners, with key points including:
No rollback/reorganization, retain all legitimate user activities;
No partner replay of transactions;
Over 99.9% of accounts unaffected, normal operation after restart;
During restart, temporarily restrict accounts receiving illegally minted tokens;
Additionally, the network will be restored in phases:
Phase 1: Deploy Cadence environment, temporarily restrict EVM;
Phase 2: Fix Cadence (about 24 to 48 hours);
Phase 3: Fix EVM and restart;
Phase 4: Restore cross-chain bridge/exchange access, with specific timing to be decided by operators based on stability.
Furthermore, Dapper Labs, the team behind Flow, expressed support for this plan on X, saying it would “preserve legitimate activity and provide a clear recovery path.”
The decision to abandon the rollback has temporarily eased tension in the ecosystem and avoided the systemic risks that a rollback might have triggered. As of now, the network remains in phased coordination and recovery, with officials stating that user funds remain safe.
In the highly uncertain crypto environment, this crisis may become a significant watershed in Flow’s development path, and its long-term impact remains to be seen.